Troubleshooting “ssh_exchange_identification: Connection closed by remote host” Error in Ubuntu SSH Configuration


6 views

The immediate symptom suggests the SSH daemon is terminating the connection during the initial protocol exchange. The debug output showing missing host keys (/etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key) points to a critical configuration problem.

First, check if the SSH service is actually running:

sudo systemctl status sshd
# OR for older systems
service ssh status

If the service isn't running, start it with:

sudo systemctl start sshd
sudo systemctl enable sshd

The standard key generation commands might not properly set permissions. Try this comprehensive approach:

# Remove existing keys (backup first if needed)
sudo rm /etc/ssh/ssh_host_*
# Regenerate all key types with proper permissions
sudo ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
# Set strict permissions
sudo chmod 600 /etc/ssh/ssh_host_*
sudo chmod 644 /etc/ssh/ssh_host_*.pub
# Restart SSH service
sudo systemctl restart sshd

Since you're using a non-standard port (7070), ensure proper configuration:

# Check sshd_config port setting
grep ^Port /etc/ssh/sshd_config
# Verify firewall rules
sudo ufw status
sudo iptables -L -n

Examine these critical SSH configuration parameters:

# Check for any restrictive settings
sudo grep -E '^(Allow|Deny)(Users|Groups)' /etc/ssh/sshd_config
# Verify authentication methods
sudo grep -E '^(PasswordAuthentication|PubkeyAuthentication)' /etc/ssh/sshd_config

Run SSH in debug mode on the server to get more detailed information:

sudo /usr/sbin/sshd -d -p 7070

This will keep the daemon in foreground mode with debug output, showing exactly where the connection fails.

Test basic connectivity from another machine:

nc -zv your.server.ip 7070
# If netcat isn't available, use:
telnet your.server.ip 7070

Always check the system logs for additional clues:

sudo tail -f /var/log/auth.log
# Or on newer systems:
sudo journalctl -u sshd -f

If all else fails, perform a complete reinstallation:

sudo apt purge openssh-server
sudo rm -rf /etc/ssh
sudo apt install openssh-server
sudo ssh-keygen -A
sudo systemctl restart sshd

The error message indicates that the SSH handshake process is failing during the initial key exchange phase. From your debug output, two critical host keys appear to be missing: ssh_host_rsa_key and ssh_host_dsa_key.

First, let's properly regenerate the missing host keys with correct permissions:

sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
sudo chmod 600 /etc/ssh/ssh_host_*
sudo chmod 644 /etc/ssh/ssh_host_*.pub

Check your /etc/ssh/sshd_config for these essential settings:

Port 7070
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
LoginGraceTime 120
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 6
MaxSessions 10

After making changes, always verify your configuration:

sudo sshd -t
sudo systemctl restart ssh
sudo systemctl status ssh

Since you're using a non-standard port (7070), ensure:

sudo ufw allow 7070/tcp
sudo netstat -tulnp | grep 7070

For deeper analysis, run sshd in debug mode:

sudo /usr/sbin/sshd -d -p 7070

Then attempt connection from another terminal with maximum verbosity:

ssh -vvv -p 7070 user@host

If standard SSH fails, try these diagnostic approaches:

# Test basic TCP connectivity
nc -zv host 7070

# Check for SELinux issues
sudo ausearch -m avc -ts recent

# Verify PAM authentication
sudo tail -f /var/log/auth.log

These commands help identify system-level issues:

# Check for disk space issues
df -h

# Verify system logs
journalctl -u ssh --no-pager -n 50

# Check for resource constraints
ulimit -a
free -h